natd+ipfw+trafic shaping

Aleksandar Simonovski aleksandar at unet.com.mk
Tue Oct 21 06:08:57 PDT 2003


Hi all,
can anyone explain why these rules don't work:

rl0 EXTINF
rl1 INTINF

add 1000 divert 8668 ip from any to any via rl0
add 1200 allow ip from any to any via lo0
add 1300 deny ip from any to 127.0.0.1/8
add 1400 deny ip from 127.0.0.1/8 to any
add 1500 check-state
add 1550 allow icmp from any to any keep-state
add 1600 allow log udp from any to any 53 keep-state
add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
#add 1900 allow log udp from any 137 to any keep-state
add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
add 2100 deny log ip from any to any
queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
pipe 1 config bw 128kbit/s

and when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not
as it should be. I know this has something to do with natd and rule 1000,
but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?
Any help would be appreciated.
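Added illustration, not from the post or from FreeBSD: a small Python model of how ipfw walks these rules once per interface pass, with natd rewriting the source address on rl0. It traces the SSH case from the post: the rl1 pass matches rule 1700, but on the rl0 pass the diverted packet comes back with the external source, so neither the dynamic rule nor "from 192.168.1.0/24" matches and rule 2100 denies it; with "any", rule 1700 matches a second time, so the same packet is queued twice. EXT_IP, the destination address and the reduced rule list are assumptions of the model.

```python
from dataclasses import dataclass, replace

# Constructed model of ipfw first-match semantics, not ipfw itself.
EXT_IP = "203.0.113.1"   # assumed address of rl0 (documentation range)

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    dst: str
    dport: int
    iface: str   # interface this pass is evaluated on
    out: bool    # True for the outbound pass

def in_lan(ip):
    return ip.startswith("192.168.1.")   # 192.168.1.0/24

def key(p):   # what a dynamic (keep-state) rule is keyed on here
    return (p.proto, p.src, p.dst, p.dport)

def natd(p):
    """natd on rl0 rewrites a LAN source to the external address, then reinjects."""
    return replace(p, src=EXT_IP) if p.out and in_lan(p.src) else p

def ruleset(lan_src):
    """Rules 1000, 1500, 1700, 2000, 2100 from the post; lan_src is rule 1700's source."""
    def src_ok(p):
        return lan_src == "any" or in_lan(p.src)
    return [
        (1000, "divert", lambda p: p.iface == "rl0"),
        (1500, "check-state", lambda p: True),
        (1700, "queue 1 keep-state", lambda p: p.proto == "tcp" and src_ok(p) and p.dport in (20, 21, 22, 23)),
        (2000, "allow keep-state", lambda p: p.proto == "tcp" and src_ok(p) and p.dport == 80),
        (2100, "deny", lambda p: True),
    ]

def walk(p, rules, state):
    """One pass of one packet through the rules; returns (rule number, action)."""
    for num, action, match in rules:
        if action == "check-state":
            if key(p) in state:
                return num, "allow (dynamic)"
            continue
        if not match(p):
            continue
        if action == "divert":
            p = natd(p)   # every later rule sees the translated packet
            continue
        if action.endswith("keep-state"):
            state.add(key(p))
        return num, action
    raise RuntimeError("ruleset has no final match")

def trace_ssh(lan_src):
    """An SSH SYN from 192.168.1.5: pass 1 in via rl1, pass 2 out via rl0."""
    rules, state = ruleset(lan_src), set()
    p = Pkt("tcp", "192.168.1.5", "198.51.100.7", 22, "rl1", False)
    return walk(p, rules, state), walk(replace(p, iface="rl0", out=True), rules, state)
```

Running `trace_ssh("192.168.1.0/24")` ends in `(2100, "deny")` on the rl0 pass, while `trace_ssh("any")` hits rule 1700 on both passes.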


More information about the freebsd-net mailing list